This repository has been archived by the owner on Jun 7, 2022. It is now read-only.
<#
.SYNOPSIS
Remove a certificate
.DESCRIPTION
Removes a Certificate object, all associated objects including pending workflow tickets, and the corresponding Secret Store vault information.
All associations must be removed for the certificate to be removed.
You must either be a Master Admin or have Delete permission on the Certificate object and,
if they are to be deleted automatically with -Force, on the Application and Device objects as well.
.PARAMETER InputObject
TppObject which represents a unique object
.PARAMETER Path
Path to the certificate to remove
.PARAMETER Force
Provide this switch to have all associations removed before the certificate is removed. Without it, a certificate that still has associations is left in place and an error is written.
.PARAMETER TppSession
Session object created from New-TppSession method. The value defaults to the script session object $TppSession.
.INPUTS
InputObject or Path
.OUTPUTS
None
.EXAMPLE
$cert | Remove-TppCertificate
Remove a certificate via pipeline
.EXAMPLE
Remove-TppCertificate -Path '\ved\policy\my cert'
Remove a certificate
.EXAMPLE
Remove-TppCertificate -Path '\ved\policy\my cert' -force
Remove a certificate and automatically remove all associations
.LINK
http://venafitppps.readthedocs.io/en/latest/functions/Remove-TppCertificate/
.LINK
https://github.com/gdbarron/VenafiTppPS/blob/main/VenafiTppPS/Code/Public/Remove-TppCertificate.ps1
.LINK
https://docs.venafi.com/Docs/20.4SDK/TopNav/Content/SDK/WebSDK/r-SDK-DELETE-Certificates-Guid.php?tocpath=Web%20SDK%7CCertificates%20programming%20interface%7C_____9
#>
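function Remove-TppCertificate {

    # ConfirmImpact = 'High' means the ShouldProcess call below prompts by default.
    # -Force only governs association handling; it does not suppress that prompt.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param (
        [Parameter(Mandatory, ParameterSetName = 'ByObject', ValueFromPipeline)]
        [TppObject] $InputObject,

        [Parameter(Mandatory, ValueFromPipeline, ParameterSetName = 'ByPath')]
        [ValidateNotNullOrEmpty()]
        [ValidateScript( {
                if ( $_ | Test-TppDnPath ) {
                    $true
                } else {
                    throw "'$_' is not a valid DN path"
                }
            })]
        [Alias('DN', 'CertificateDN')]
        [String] $Path,

        [Parameter()]
        [switch] $Force,

        [Parameter()]
        [TppSession] $TppSession = $Script:TppSession
    )

    begin {
        # Fail once, before any pipeline item is processed, if the session is unusable.
        $TppSession.Validate()
    }

    process {

        # Resolve both the DN path and the GUID regardless of which parameter set was used.
        if ( $PSBoundParameters.ContainsKey('InputObject') ) {
            $Path = $InputObject.Path
            $guid = $InputObject.Guid
        } else {
            $guid = $Path | ConvertTo-TppGuid -TppSession $TppSession
        }

        # Never issue a DELETE against a URI with no certificate GUID in it.
        # NOTE(review): ConvertTo-TppGuid is defined elsewhere and may already throw
        # when the path cannot be resolved; this guard covers the case where it does not.
        if ( -not $guid ) {
            Write-Error ("Unable to determine the GUID for path '{0}'; nothing was removed." -f $Path)
            return
        }

        # Build the request per pipeline item. A single hashtable created in 'begin'
        # would carry the Body (ApplicationDN list) set for one certificate over to
        # the DELETE request of every later certificate in the same pipeline.
        $params = @{
            TppSession = $TppSession
            Method     = 'Delete'
            UriLeaf    = "Certificates/$guid"
        }

        # ensure either there are no associations or the force flag was provided
        $associatedApps = $guid |
            Get-TppAttribute -Attribute "Consumers" -EffectivePolicy -TppSession $TppSession |
            Select-Object -ExpandProperty Value

        if ( $associatedApps ) {
            if ( $Force ) {
                $params.Body = @{'ApplicationDN' = @($associatedApps) }
            } else {
                # Non-terminating: skip this certificate, keep processing the pipeline.
                Write-Error ("Path '{0}' has associations and cannot be removed. Provide -Force to override." -f $Path)
                return
            }
        }

        if ( $PSCmdlet.ShouldProcess($Path, 'Remove certificate and all associations') ) {
            # Associations are cleared first, then the certificate object itself is deleted.
            Remove-TppCertificateAssociation -Path $Path -All -TppSession $TppSession
            Invoke-TppRestMethod @params
        }
    }
}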